Lines 195-201
|
195 |
</vuln> |
195 |
</vuln> |
196 |
|
196 |
|
197 |
<vuln vid="e6ccaf8a-6c63-11e7-9b01-2047478f2f70"> |
197 |
<vuln vid="e6ccaf8a-6c63-11e7-9b01-2047478f2f70"> |
198 |
<topic>strongswan -- Insufficient Input Validation in gmp Plugin</topic> |
198 |
<topic>strongswan -- multiple vulnerabilities</topic> |
199 |
<affects> |
199 |
<affects> |
200 |
<package> |
200 |
<package> |
201 |
<name>strongswan</name> |
201 |
<name>strongswan</name> |
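Review bot: The `<topic>` on new line 198 is broadened to "multiple vulnerabilities" while the `vid` on line 197 stays the same, so this revises an already published entry rather than adding a new one. The `<dates>` block is only visible up to `<discovery>` in this diff; please make sure it also gains a `<modified>` date so consumers of the file can tell the entry's scope changed after it was first entered.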
Lines 205-220
|
205 |
<description> |
205 |
<description> |
206 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
206 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
207 |
<p>strongSwan security team reports:</p> |
207 |
<p>strongSwan security team reports:</p> |
208 |
<blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html"> |
208 |
<blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-5.5.3-released.html"> |
209 |
<p>RSA public keys passed to the gmp plugin aren't validated sufficiently |
209 |
<ul> |
210 |
before attempting signature verification, so that invalid input might |
210 |
<li>RSA public keys passed to the gmp plugin aren't validated sufficiently |
211 |
lead to a floating point exception.</p> |
211 |
before attempting signature verification, so that invalid input might |
|
|
212 |
lead to a floating point exception. [CVE-2017-9022]</li> |
213 |
<li>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when |
214 |
parsing X.509 certificates with extensions that use such types. This |
215 |
could lead to infinite looping of the thread parsing a specifically crafted certificate.</li> |
216 |
</ul> |
212 |
</blockquote> |
217 |
</blockquote> |
213 |
</body> |
218 |
</body> |
214 |
</description> |
219 |
</description> |
215 |
<references> |
220 |
<references> |
216 |
<url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html</url> |
221 |
<url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html</url> |
217 |
<cvename>CVE-2017-9022</cvename> |
222 |
<cvename>CVE-2017-9022</cvename> |
|
|
223 |
<url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url> |
224 |
<cvename>CVE-2017-9023</cvename> |
218 |
</references> |
225 |
</references> |
219 |
<dates> |
226 |
<dates> |
220 |
<discovery>2017-05-30</discovery> |
227 |
<discovery>2017-05-30</discovery> |
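Review bot: The second `<li>` (new lines 213-215) carries no CVE tag, while the first item ends with [CVE-2017-9022] and `<references>` now adds CVE-2017-9023 on new lines 223-224; append [CVE-2017-9023] to that item so each bullet maps to its identifier. The `<blockquote cite>` on new line 208 now points at strongswan-5.5.3-released.html, but `<references>` lists only the two per-CVE advisory URLs, so either add the release post as a `<url>` or confirm the quoted list really comes from that post. New line 215 is also noticeably longer than the wrapped lines around it and could be rewrapped to match.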